Does KitchenWeather share data with health authorities?

No. KitchenWeather does not share your records with DOHMH or any health authority. If an inspector asks to see your records, that is your decision.

Does KitchenWeather sell my data?

No. KitchenWeather does not sell, license, or share your kitchen's records for commercial purposes.

How is my data encrypted?

Data is encrypted in transit (TLS/HTTPS) and at rest in KitchenWeather's database infrastructure.

Can I export my records?

Yes. You can export your complete Trust Memory at any time from your account.

What happens to my data if I cancel?

You can export your records before cancelling. Account data is not immediately deleted upon cancellation.

Quick Answer: KitchenWeather encrypts your records in transit and at rest, does not sell your data, does not share records with health authorities, and treats your data as yours. You can export your complete Trust Memory at any time.

Expert-supervised by Takayuki SawaiGyoseishoshi — Licensed Administrative Professional, Japan

KitchenWeather Data Privacy and Security: Your Records, Your Control

When you use a digital system to store your kitchen's safety records, the question of where that data goes and who can see it matters. This article explains exactly what KitchenWeather does with your data — and, as importantly, what it does not do.

Your Data Is Yours

The most important principle of KitchenWeather's data approach: the records you create belong to you. Your morning check completions, temperature logs, findings, and Trust Memory history are your operational records. KitchenWeather stores them on your behalf — it does not claim ownership of them or use them for purposes beyond providing the service to you.

Encryption

Data is encrypted in two states:

In Transit

All data transmitted between your device and KitchenWeather's servers uses TLS encryption (HTTPS). When you submit a morning check, enter temperature readings, or access your dashboard, the connection is encrypted. Intercepting this data in transit would require breaking standard transport layer security.

At Rest

Data stored in KitchenWeather's infrastructure is encrypted at rest. Your records are not stored as readable plain text in the database. The encryption applies to all stored data, not just passwords.

Access Control

KitchenWeather uses Supabase as its database infrastructure. Row-level security (RLS) policies govern data access — meaning the system is designed so that queries can only return data belonging to the authenticated user. One kitchen account cannot access another kitchen's records, even if both are in the same database.

KitchenWeather's team does not routinely access individual kitchen records. Support requests may require examining account-level information, but access to operational records requires active intervention, not passive visibility.

What KitchenWeather Does Not Do

To be direct:

We do not sell your data. KitchenWeather does not sell, license, or share your kitchen's records with any third party for commercial purposes.
We do not share data with health authorities. Your records are not transmitted to DOHMH, the NYC Health Department, or any other regulatory agency. If a health inspector asks to review your records, that is your choice — it is not something KitchenWeather initiates.
We do not use your operational data for advertising. Your temperature logs and morning check history are not used to target you with advertising or shared with advertising networks.
We do not train AI models on your kitchen's records. Your operational data is used to deliver the service, not to train external AI systems.

Third-Party Services

KitchenWeather uses a small number of third-party services to deliver its functionality:

Supabase — database and authentication infrastructure, hosted on secure cloud infrastructure
Stripe — payment processing; Stripe handles payment card information directly and KitchenWeather never sees or stores full card numbers
OpenWeather API — weather data for Morning Shield alerts; your location is used to retrieve forecast data, not stored or shared

These services are chosen for their security standards and reliability. The data shared with each is limited to what is necessary for their specific function.

GDPR Awareness

KitchenWeather was designed with data minimization and user control principles consistent with GDPR, even for users outside the European Union. This means:

We collect only the data necessary to provide the service
You can export your records at any time
You can request deletion of your account and associated data
We do not retain data beyond what is needed for service delivery

What You Control

You can:

Export your complete Trust Memory at any time
Delete individual records if you made an error
Request full account deletion
Revoke staff access to your account
Choose whether to show your records to any inspector or third party

Frequently Asked Questions

If DOHMH requests my records, does KitchenWeather share them?

KitchenWeather does not proactively share records with DOHMH. Like any service, we would need to comply with a valid legal order, but routine inspection record requests are yours to fulfill or not.

Where are my records stored?

KitchenWeather uses Supabase cloud infrastructure. Data is stored in encrypted form in secure cloud environments.

What happens to my data if KitchenWeather shuts down?

In the event of service discontinuation, we would provide advance notice and data export capabilities before shutdown.

Can I use KitchenWeather's data to train my own systems?

Your records are yours to use as you see fit, including exporting them for your own analysis or systems.

Sources

OWASP Application Security Verification Standard (ASVS)
Stripe Security — stripe.com
GDPR: Key Principles — gdpr-info.eu
MmowW: Privacy Policy — mmoww.net/food/privacy

🟢 SAFE TODAY

Your kitchen is ready to serve. Start your morning shield.

Start Free — 0 setup fees

Founding Member pricing forever. Cancel anytime.